Claims 

WE CLAIM: 

1. A method of determining whether a requested permission, requested by a called code
frame, is satisfied within a runtime call stack so as to allow the called code frame to perform a 
protected operation, the method comprising: 

associating a permission grant object with a first code assembly in the runtime call stack; 
creating a permission request object within the called code frame to demand the requested 
permission; 

demanding via the permission request object the requested permission from the 
permission grant object to allow the called code frame to perform the protected operation; 

determining whether the requested permission is provided in association with the first 
code assembly by the permission grant object, responsive to the demanding operation; and 

permitting execution of the called code frame to perform the protected operation, if the 
requested permission is provided in association with the first code assembly. 

2. The method of claim 1 wherein the called code frame is included within the first code 
assembly. 

3. The method of claim 1 wherein the called code frame is included within a lower level 
code assembly following the first code assembly in the runtime call stack.

4. The method of claim 1 further comprising:

associating a second permission grant object with a second code assembly loaded in the 
runtime call stack, the second code assembly preceding the first code assembly in the runtime 
call stack. 

5. The method of claim 1 further comprising: 

determining whether the requested permission is provided in association with the second 
code assembly by the second permission grant object. 

6. The method of claim 1 wherein the operation of permitting execution of the called 
code frame comprises: 

asserting within the first code assembly that a permission grant object associated with at 
least one other code assembly preceding the first code assembly need not be evaluated to 
determine whether a specified permission is satisfied in association with the other code assembly 
in the runtime call stack, regardless of whether the specified permission is provided by the 
permission grant object associated with the other code assembly; and 

permitting execution of the called code frame to perform the protected operation, if the 
requested permission is a subset of the specified permission. 

7. The method of claim 1 wherein the operation of permitting execution of the called 
code frame comprises: 

asserting within the first code assembly that a permission grant object associated with at 
least one other code assembly preceding the first code assembly does not satisfy a specified
permission within the runtime call stack, regardless of whether the specified permission is
provided by the permission grant object associated with the other code assembly; and 

preventing execution of the called code frame to perform the protected operation, if the 
requested permission is a subset of the specified permission. 

8. The method of claim 1 wherein the operation of permitting execution of the called 
code frame comprises: 

asserting within the first code assembly that a permission grant object associated with at 
least one other code assembly preceding the first code assembly satisfies only one or more 
specified permissions, regardless of whether one or more other permissions are also provided by
the permission grant object associated with the other code assembly; and

permitting execution of the called code frame to perform the protected operation, only if
the requested permission is a subset of the specified permissions.




9. The method of claim 1 wherein the permission object encoded in the code assembly
and the corresponding permission object encoded in the permission grant object satisfy a
common permission interface.



10. The method of claim 1 wherein the operation of associating a first permission grant
object with a first code assembly comprises:

associating the first permission grant object with an individual method of the first code
assembly.

11. The method of claim 1 wherein the operation of associating a first permission grant
object with a first code assembly comprises: 

associating the first permission grant object with an individual class of the first code 
assembly. 

12. The method of claim 1 wherein the operation of associating a first permission grant 
object with a first code assembly comprises: 

associating the first permission grant object with an individual module of the first code 
assembly.

13. A method of determining whether a requested permission, requested by a called code
frame, is satisfied within a runtime call stack so as to allow the called code frame to perform a
protected operation, the method comprising:

associating a first permission grant object with a first code assembly in the runtime call
stack;

associating a second permission grant object with a second code assembly in the runtime
call stack;

computing a first intersection of permissions provided by the first permission grant object
and the second permission grant object;

recording the first intersection of permissions to provide a cached permission
intersection;

demanding the requested permission; and

permitting execution of the called code frame if the requested permission is a subset of
the cached permission intersection.

14. The method of claim 13 further comprising:

associating a third permission grant object with a third code assembly in the runtime call
stack;

computing a second intersection of permissions provided by the first permission grant
object, the second permission grant object, and the third permission grant object; and

recording the second intersection of permissions to provide the cached permission
intersection.

15. The method of claim 13 wherein the called code frame is included within the first
code assembly. 

16. The method of claim 13 wherein the called code frame is included within a lower 
level code assembly following the first code assembly in the runtime call stack. 

17. The method of claim 13 wherein the operation of associating a first permission grant 
object with a first code assembly comprises: 

associating the first permission grant object with an individual method of the first code 
assembly. 

18. The method of claim 13 wherein the operation of associating a first permission grant 
object with a first code assembly comprises: 

associating the first permission grant object with an individual class of the first code 
assembly. 

19. The method of claim 13 wherein the operation of associating a first permission grant 
object with a first code assembly comprises: 

associating the first permission grant object with an individual module of the first code 
assembly.

20. A runtime system for determining whether a requested permission, requested by a
called code frame, is satisfied within a runtime call stack so as to allow the called code frame to
perform a protected operation, the runtime system comprising:

a first code assembly loaded into the runtime call stack;

a first permission grant object associated with the first code assembly comprising one or
more permissions available to the first code assembly; and

a first permission request object created by the called code frame requesting the requested
permission from the first permission grant object, wherein the called code frame is permitted to
execute the protected operation if the first permission request object determines from the
permission grant object that the requested permission is satisfied by the first code assembly.

21. The runtime system of claim 20 wherein the called code frame is included within the

22. The runtime system of claim 20 wherein the called code frame is included within a
lower level code assembly following the first code assembly in the runtime call stack. 

23. The runtime system of claim 20 wherein the first permission grant object is associated 
with an individual method of the first code assembly. 

24. The runtime system of claim 20 wherein the first permission grant object is associated 
with an individual class of the first code assembly. 

25. The runtime system of claim 20 wherein the first permission grant object is associated 
with an individual module of the first code assembly.

26. A runtime system for determining whether a requested permission, requested by a
called code frame, is satisfied within a runtime call stack so as to allow the called code frame to
perform a protected operation, the runtime system comprising:

a first permission grant object associated with a first code assembly in the runtime call
stack;

a second permission grant object associated with a second code assembly in the runtime 
call stack; and 

a cache storing an intersection of permissions provided by the first permission grant 
object and the second permission grant object, wherein execution of the called code frame is 
permitted if the requested permission is a subset of the cached permission intersection. 

27. The runtime system of claim 26 wherein the intersection is computed and stored in 
the cache before the requested permission is requested.

28. A computer program product encoding a computer program for determining whether
a requested permission, requested by a called code frame, is satisfied within a runtime call stack 
so as to allow the called code frame to perform a protected operation, the computer process 
comprising: 

associating a permission grant object with a first code assembly in the runtime call stack; 
creating a permission request object within the called code frame to demand the requested 
permission; 

demanding via the permission request object the requested permission from the 
permission grant object to allow the called code frame to perform the protected operation; 

determining whether the requested permission is satisfied in association with the first 
code assembly by the permission grant object, responsive to the demanding operation; and 

permitting execution of the called code frame to perform the protected operation, if the 
requested permission is provided in association with the first code assembly. 

29. The computer program product of claim 28 wherein the called code frame is included 
within the first code assembly. 

30. The computer program product of claim 28 wherein the called code frame is included 
within a lower level code assembly following the first code assembly in the runtime call stack. 

31. The computer program product of claim 28 wherein the computer process further 
comprises: 

associating a second permission grant object with a second code assembly loaded in the
runtime call stack, the second code assembly preceding the first code assembly in the runtime
call stack. 

32. The computer program product of claim 31 wherein the computer process further 
comprises: 

determining whether the requested permission is provided in association with the second 
code assembly by the second permission grant object. 

33. The computer program product of claim 31 wherein the operation of permitting 
execution of the called code frame comprises: 

asserting within the first code assembly that a permission grant object associated with at 
least one other code assembly preceding the first code assembly need not be evaluated to 
determine whether a specified permission is satisfied in association with the other code assembly 
in the runtime call stack, regardless of whether the specified permission is provided by the 
permission grant object associated with the other code assembly; and 

permitting execution of the called code frame to perform the protected operation, if the 
requested permission is a subset of the specified permission. 

34. The computer program product of claim 31 wherein the operation of permitting 
execution of the called code frame comprises: 

asserting within the first code assembly that a permission grant object associated with at 
least one other code assembly preceding the first code assembly does not satisfy a specified 
permission within the runtime call stack, regardless of whether the specified permission is 
provided by the permission grant object associated with the other code assembly; and

preventing execution of the called code frame to perform the protected operation, if the
requested permission is a subset of the specified permission. 

35. The computer program product of claim 31 wherein the operation of permitting 
execution of the called code frame comprises: 

asserting within the first code assembly that a permission grant object associated with at 
least one other code assembly preceding the first code assembly satisfies only one or more 
specified permissions, regardless of whether one or more other permissions are also provided by 
the permission grant object associated with the other code assembly; and 

permitting execution of the called code frame to perform the protected operation, only if 
the requested permission is a subset of the specified permissions. 

36. The computer process of claim 28 wherein the permission object encoded in the code 
assembly and the corresponding permission object encoded in the permission grant object satisfy 
a common permission interface. 

37. The computer program product of claim 28 wherein the operation of associating a 
permission grant object with a first code assembly comprises: 

associating the first permission grant object with an individual method of the first code 
assembly.

38. The computer program product of claim 28 wherein the operation of associating a
permission grant object with a first code assembly comprises: 

associating the first permission grant object with an individual class of the first code 
assembly. 

39. The computer program product of claim 28 wherein the operation of associating a 
permission grant object with a first code assembly comprises: 

associating the first permission grant object with an individual module of the first code 
assembly.

40. A computer program product encoding a computer program for determining whether
a requested permission, requested by a called code frame, is satisfied within a runtime call stack
so as to allow the called code frame to perform a protected operation, the computer process
comprising:

associating a first permission grant object with a first code assembly in the runtime call
stack;

associating a second permission grant object with a second code assembly in the runtime 
call stack; 

computing a first intersection of permissions provided by the first permission grant object 
and the second permission grant object; 

recording the first intersection of permissions to provide a cached permission 
intersection; and 

permitting execution of the called code frame if the requested permission is a subset of 
the cached permission intersection. 

41. The computer program product of claim 40 wherein the computer process further 
comprises: 

associating a third permission grant object with a third code assembly in the runtime call
stack;

computing a second intersection of permissions provided by the first permission grant
object, the second permission grant object, and the third permission grant object; and

recording the second intersection of permissions to provide the cached permission
intersection. 

42. The computer program product of claim 40 wherein the called code frame is included 
within the first code assembly. 

43. The computer program product of claim 40 wherein the called code frame is included 
within a lower level code assembly following the first code assembly in the runtime call stack. 

44. The computer program product of claim 40 wherein the operation of associating a 
first permission grant object with a first code assembly comprises: 

associating the first permission grant object with an individual method of the first code 
assembly. 

45. The computer program product of claim 40 wherein the operation of associating a 
first permission grant object with a first code assembly comprises: 

associating the first permission grant object with an individual class of the first code 
assembly. 

46. The computer program product of claim 40 wherein the operation of associating a 
first permission grant object with a first code assembly comprises: 

associating the first permission grant object with an individual module of the first code 
assembly.